Compliance Core policies

Privacy Policy

How we collect, use, store, and protect personal data under UK GDPR.

Download document All policies

Source file updated 9 June 2026

Privacy Policy

MaysWeb — maysweb.cloud

Effective date: 9 June 2026

Controller: MaysWeb ("we", "us", "our")

Website: https://maysweb.cloud

Contact: [email protected] | +44 (0)2039 308 143

1. Purpose and scope

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our website, use our online tools, contact us, or receive our services.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR) where applicable.

2. Personal data we collect

We may collect the following categories of personal data depending on how you interact with us:

  • � Identity and contact data (name, business name, email address, telephone number, billing address).
  • � Account and authentication data (login identifiers, role assignments, support panel credentials where applicable).
  • � Technical and usage data (IP address, browser type, device identifiers, pages viewed, tool inputs submitted for diagnostics, timestamps, and referral URLs).
  • � Communications data (messages, support tickets, call notes, and email correspondence).
  • � Billing and transaction data (invoices, payment references, and service configuration records).
  • � Special category data only where you explicitly provide it and we have a lawful basis to process it.

3. How we collect data

We collect personal data through:

  • � Direct interactions (contact forms, email, telephone, contracts, and support requests).
  • � Automated technologies (cookies, server logs, security monitoring, and diagnostic tools you choose to run).
  • � Third parties (registrars, payment processors, hosting infrastructure providers, and professional advisers where necessary).

4. Lawful bases for processing

We rely on one or more of the following lawful bases:

  • � Contract — to provide services you request or prepare to enter into a contract.
  • � Legitimate interests — to operate, secure, and improve our website and services, prevent abuse, and respond to enquiries, balanced against your rights.
  • � Legal obligation — to comply with tax, regulatory, or law-enforcement requirements.
  • � Consent — where required for non-essential cookies or specific marketing communications. You may withdraw consent at any time.

5. How we use personal data

  • � Deliver hosting, development, VOIP, email, IT support, and related professional services.
  • � Operate website tools, diagnostics, and security controls (including rate limiting and abuse prevention).
  • � Manage accounts, billing, service changes, and incident response.
  • � Communicate service updates, security notices, and contractual information.
  • � Maintain records for governance, quality assurance, and dispute resolution.

6. Sharing and international transfers

We do not sell personal data. We may share data with trusted processors (infrastructure, email delivery, payment, and professional services providers) under written agreements requiring appropriate safeguards.

Where data is transferred outside the UK, we implement appropriate safeguards such as UK International Data Transfer Agreements or adequacy regulations, unless a specific exemption applies.

7. Retention

We retain personal data only for as long as necessary for the purposes described in this policy, including legal, accounting, and reporting requirements.

Typical retention: active client records for the service term plus up to six years for contractual and tax records; security logs for up to twelve months unless a longer period is required for an investigation.

8. Security

We implement technical and organisational measures appropriate to the risk, including access controls, encryption in transit, monitoring, patching, and staff confidentiality obligations.

No method of transmission or storage is completely secure. You are responsible for safeguarding credentials issued to you and notifying us promptly of suspected compromise.

9. Your rights

Under UK GDPR you may have the right to request access, correction, erasure, restriction, objection, or portability in certain circumstances, and to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

  • � Request access to your personal data.
  • � Request correction of inaccurate data.
  • � Request erasure in certain circumstances.
  • � Restrict or object to processing in certain circumstances.
  • � Request data portability where processing is based on consent or contract and carried out by automated means.

10. Automated decision-making

We do not use solely automated decision-making that produces legal or similarly significant effects without human review. Online tools may generate technical recommendations, but these are informational and do not replace professional judgement.

11. Children

Our services are directed at businesses and professionals. We do not knowingly collect personal data from children under 16.

12. Changes and contact

We may update this policy from time to time by publishing a revised version on https://maysweb.cloud and updating the effective date.

Questions or rights requests: [email protected]. Please include sufficient detail for us to verify your identity and locate relevant records.